mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-21 13:00:56 +01:00
No description
355b753df7
Summary: This prevents <applet /> attacks unless the attacker can upload an applet which has a viewable MIME type as detected by `file`. I'm not sure if this is possible or not. It should, at least, narrow the attack window. There are no real tradeoffs here, this is probably a strictly better application behavior regardless of the security issues. Test Plan: - Tried to download a file via GET, got redirected to info. - Downloaded a file via POST + CSRF from the info page. Reviewers: andrewjcg, erling, aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 759 |
||
|---|---|---|
| bin | ||
| conf | ||
| externals | ||
| resources | ||
| scripts | ||
| src | ||
| support/aphlict | ||
| webroot | ||
| .arcconfig | ||
| .divinerconfig | ||
| .gitignore | ||
| .gitmodules | ||
| CHANGELOG | ||
| README | ||
Phabricator is a open source collection of web applications which make it easier to write, review, and share source code. Phabricator was developed at Facebook. This is an early release. It's pretty high-quality and usable, but under active development so things may change quickly. You can learn more about the project and find links to documentation and resources at: http://phabricator.org/ LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted. http://www.apache.org/licenses/LICENSE-2.0